The Heartbleed bug hit-list: how to best update all your passwords

Douglas Soltys

April 10, 2014 5:34pm

As news broke this Monday of the Heartbleed bug, citizens of the Internet have been scrambling to discover just how many of their favourite sites and services may have been compromised. If you haven’t yet heard, the Heartbleed bug is a vulnerability in the OpenSSL cryptographic library which allows for the exposure of sensitive account information like passwords and credit card numbers. OpenSSL is used by the vast majority of websites on the Internet, which means that a large number of the apps currently sitting on your smartphone were compromised as well.

A quick rundown of the affected site list at Mashable is pretty damning: Facebook, Twitter, Google, and Dropbox to name a few. While it won’t do anything to protect against previously lost data, as the vulnerability has been around for nearly two years, your best bet is to change the password for any web service affected. However, as password manager service LastPass notes, changing your password before these sites update their SSL certificates won’t help.

To that end, they’ve created a handy tool for checking the status of each affected web site. Check it out here.

  • d a


  • Mike Newman

    If you’re a LastPass user, be sure to run a security check. It will tell you which of *your accounts* needs to be updated (and will warn you to hold off if the site hasn’t generated a new certificate yet).

    In case you needed another reason to switch to LastPass.

  • Pascal

    Any Canadian list (banks, e-commerce, etc)?

    • Sequoia46.2

      Banks are all fine, same for PayPal and Amazon. Check the link in ths article “affected site list at Mashable” and it has most banks.

  • Brandon Noel

    NSA did this don’t be fooled